From 7c589cd6ccbff4e813a236658244151e218acf69 Mon Sep 17 00:00:00 2001 From: bohung Date: Wed, 24 Aug 2022 16:23:59 +0800 Subject: [PATCH] Fix bug. --- install_nginx.sh | 56 +++++++++++++++++++++++++++--------------------- nginx.service | 29 +++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 25 deletions(-) create mode 100644 nginx.service diff --git a/install_nginx.sh b/install_nginx.sh index 10c4b2c..d3ac81e 100644 --- a/install_nginx.sh +++ b/install_nginx.sh @@ -87,6 +87,13 @@ fi if [[ ! -f /etc/init.d/nginx ]]; then sudo wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/nginx_service.sh -O /etc/init.d/nginx sudo chmod 755 /etc/init.d/nginx + sudo chown root:root /etc/init.d/nginx + if [[ "$ubuntu_ver" > "16" ]] || [[ "$ubuntu_ver" == "16" ]]; then + sudo wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/nginx.service -O /lib/systemd/system/nginx.service + sudo chown root:root /lib/systemd/system/nginx.service + sudo chmod 644 /lib/systemd/system/nginx.service + sudo systemctl daemon-reload + fi fi nginx_target_ver="1.23.1" if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$install_modsecurity" == "1" ]]; then @@ -97,33 +104,32 @@ if [[ "$nginx_ver" < $nginx_target_ver ]] || [[ "$1" == '--force' ]] || [[ "$ins fi #Build nginx and install sudo bash -l -c " - cd /root && - wget http://nginx.org/download/nginx-$nginx_target_ver.tar.gz && - tar -zxvf nginx-$nginx_target_ver.tar.gz && - cd nginx-$nginx_target_ver && - apt remove nginx --purge -y && - apt-get -y install libpcre3 libpcre3-dev libxml2 libxml2-dev libxslt-dev libgd-dev && - $nginx_configure && - make -j$cpu_cores && make install && - rm -f /usr/sbin/nginx && - ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. && - service nginx restart - " + cd /root && \ + wget http://nginx.org/download/nginx-$nginx_target_ver.tar.gz && \ + tar -zxvf nginx-$nginx_target_ver.tar.gz && \ + cd nginx-$nginx_target_ver && \ + apt remove nginx --purge -y && \ + apt-get -y install libpcre3 libpcre3-dev libxml2 libxml2-dev libxslt-dev libgd-dev && \ + $nginx_configure && \ + make -j$cpu_cores && make install && \ + rm -f /usr/sbin/nginx && \ + ln -s /usr/share/nginx/sbin/nginx /usr/sbin/. && \ + mkdir -p /var/lib/nginx && \ + service nginx restart" if [[ "$install_modsecurity" == "1" ]]; then sudo bash -l -c " - cd /root/nginx-$nginx_target_ver && - make modules && - mkdir -p /etc/nginx/modules && - cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && - echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && - mkdir -p /etc/nginx/modsec && - wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && - mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf && - cd .. && - cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && - sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && - wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf - " + cd /root/nginx-$nginx_target_ver && \ + make modules && \ + mkdir -p /etc/nginx/modules && \ + cp -f objs/ngx_http_modsecurity_module.so /etc/nginx/modules/. && \ + echo 'load_module modules/ngx_http_modsecurity_module.so;' > /etc/nginx/modules-enabled/50-mod-modsecurity.conf && \ + mkdir -p /etc/nginx/modsec && \ + wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended && \ + mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf && \ + cd .. && \ + cp -f ModSecurity/unicode.mapping /etc/nginx/modsec && \ + sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf && \ + wget http://gitlab.tp.rulingcom.com/erictyl/install_r45_on_ubuntu_1804lts_doc/-/raw/master/modsecurity_main.conf -O /etc/nginx/modsec/main.conf" fi if [[ $nginx_conf_exist == "0" ]]; then nginx_conf_path="/etc/nginx/nginx.conf" diff --git a/nginx.service b/nginx.service new file mode 100644 index 0000000..a909641 --- /dev/null +++ b/nginx.service @@ -0,0 +1,29 @@ +# Stop dance for nginx +# ======================= +# +# ExecStop sends SIGSTOP (graceful stop) to the nginx process. +# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control +# and sends SIGTERM (fast shutdown) to the main process. +# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends +# SIGKILL to all the remaining processes in the process group (KillMode=mixed). +# +# nginx signals reference doc: +# http://nginx.org/en/docs/control.html +# +[Unit] +Description=A high performance web server and a reverse proxy server +Documentation=man:nginx(8) +After=network.target + +[Service] +Type=forking +PIDFile=/run/nginx.pid +ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;' +ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;' +ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload +ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid +TimeoutStopSec=5 +KillMode=mixed + +[Install] +WantedBy=multi-user.target